By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
438,521 Members | 1,460 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 438,521 IT Pros & Developers. It's quick & easy.

move_uploaded_file + safe_mode

P: n/a
hi,

I would like to upload a file (via a form), then read that (temporary)
file and write the contents into a database. The first problem is that
open_basedir=/home/CUSTOMER so I can't just read it from /tmp.

That's why I used move_uploaded_file() to move the file
to /home/CUSTOMER/DOMAIN/tmp/FILENAME:

================================================== ====
<?php

error_reporting (E_ALL);

// move file to DOMAIN's tmpdir
$client_name = $_FILES['uploadfile']['name'];
$dest = "/home/CUSTOMER/DOMAIN/tmp/$client_name";
move_uploaded_file($_FILES['uploadfile']['tmp_name'], $dest);

// read uploaded file
$tempfile = fopen("$dest","rb");
echo "contents of $client_name=" . fread ($tempfile,1024);

?>
================================================== ====

when I do the fopen I get an error:
Warning: SAFE MODE Restriction in effect. The script whose uid is 0 is not allowed to access /home/CUSTOMER/DOMAIN/tmp/README.html owned by uid 33

This error is because move_uploaded_file() has created README.html
with www-data:www-data (instead of CUSTOMER:CUSTOMER):
-rw------- 1 www-data www-data 12733 Jul 9 14:17 README.html

Next I tried to login via ftp, and do a chmod on that file from there
(I found this trick on www.php.net and it helped with such safe_mode
problems in the past), right after the call to move_uploaded_file():

================================================== ====
// do a chmod 777 via ftp to work around a safe_mode problem
// (file-uploads are created with user=www-data, but on our server
// safe_mode is enabled, and so php-scripts may not open any files
// that are not owned by CUSTOMER:CUSTOMER)
// => we chmod 777 it via ftp so that we can read it
$path = "DOMAIN";
$conn = ftp_connect ("localhost");
$result = ftp_login ($conn, "CUSTOMER", "PASSWORD");
if (!$conn or !$result) { exit ("Couldn't login to ftp!"); }
if (!ftp_site ($conn, "chmod 0777 /DOMAIN/tmp/$client_name")) \{
exit ("Couldn't do ftp_site!");
}
ftp_quit ($conn);
================================================== ====
but then I get permission denied for the ftp-command:
Warning: ftp_site: /DOMAIN/tmp/README.html: Operation not permitted in [...]/testupload.php on line 20
Couldn't do ftp_site!

thanks a lot,
--
Felix Natter
Jul 17 '05 #1
Share this Question
Share on Google+
1 Reply


P: n/a
one workaround I found is to use the php cgi binary for the file-upload
script, using suexec.

--
Felix Natter
Jul 17 '05 #2

This discussion thread is closed

Replies have been disabled for this discussion.